[Samba] Problems accessing a file share using kerberos
Pedro Côrte-Real
pedro at pedrocr.net
Tue Feb 23 13:10:38 MST 2010
On Tue, Feb 23, 2010 at 12:47 AM, Michael Wood <esiotrot at gmail.com> wrote:
> I think attachments are disabled for this list. Perhaps you should
> put it on a web site somewhere and post a link instead.
I think this is small enough to send inline. Here's the log at debug level 10.
INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = stanford.edu
doing parameter server string = %h server (Samba, Ubuntu)
doing parameter wins server = 171.64.7.155
doing parameter dns proxy = no
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter encrypt passwords = true
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_STANDALONE
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
added interface wlan0 ip=fe80::221:5cff:fe31:f917%wlan0
bcast=fe80::ffff:ffff:ffff:ffff%wlan0 netmask=ffff:ffff:ffff:ffff::
added interface wlan0 ip=10.33.17.116 bcast=10.33.23.255 netmask=255.255.248.0
Netbios name list:-
my_netbios_names[0]="NASH"
Client started (version 3.4.0).
Opening cache file at /var/run/samba/gencache.tdb
tdb(unnamed): tdb_open_ex: could not open file
/var/run/samba/gencache.tdb: Permission denied
gencache_init: Opening cache file /var/run/samba/gencache.tdb read-only.
Cache entry with key = AD_SITENAME/DOMAIN/ couldn't be found
sitename_fetch: No stored sitename for
internal_resolve_name: looking up gsb-filer2#20 (sitename (null))
Cache entry with key = NBT/GSB-FILER2#20 couldn't be found
no entry for gsb-filer2#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name gsb-filer2<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
such file or directory
resolve_wins: Attempting wins lookup for name gsb-filer2<0x20>
Cache entry with key = WINS_SRV_DEAD/171.64.7.155,0.0.0.0 couldn't be found
wins_srv_is_dead: 171.64.7.155 is alive
Current wins server for tag '*' with source 0.0.0.0 is 171.64.7.155
Cache entry with key = WINS_SRV_DEAD/171.64.7.155,0.0.0.0 couldn't be found
wins_srv_is_dead: 171.64.7.155 is alive
resolve_wins: using WINS server 171.64.7.155 and tag '*'
bind succeeded on port 0
Sending a packet of len 50 to (171.64.7.155) on port 137
read_udp_v4_socket: ip 171.64.7.155 port 35072 read: 62
parse_nmb: packet id = 30861
Received a packet of len 62 from (171.64.7.155) port 137
nmb packet from 171.64.7.155(137) header: id=30861 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=GSB-FILER2<20> rr_type=32 rr_class=1 ttl=0
answers 0 char `.. at .| hex 6000AB40D87C
Got a positive name query response from 171.64.7.155 ( 171.64.216.124 )
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for gsb-filer2#20: 171.64.216.124
Adding cache entry with key = NBT/GSB-FILER2#20; value =
171.64.216.124:0 and timeout = Fri Feb 19 22:00:12 2010
(660 seconds ahead)
internal_resolve_name: returning 1 addresses: 171.64.216.124:0
s3_event: Added timed event "tevent_req_timedout": 0x7f266cf23d20
s3_event: Added timed event "tevent_req_timedout": 0x7f266cf24dd0
Running timed event "tevent_req_timedout" 0x7f266cf23d20
s3_event: Destroying timer event 0x7f266cf23d20 "tevent_req_timedout"
s3_event: Added timed event "tevent_req_timedout": 0x7f266cf25200
Connecting to 171.64.216.124 at port 445
s3_event: Added timed event "tevent_req_timedout": 0x7f266cf25610
s3_event: Destroying timer event 0x7f266cf25610 "tevent_req_timedout"
s3_event: Destroying timer event 0x7f266cf25200 "tevent_req_timedout"
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 16384
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
session request ok
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
cli_chain_cork: mid=1
handle_incoming_pdu: got mid 1
Doing spnego session setup (blob length=111)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=gsb-filer2$@SU-GSB.WIN.STANFORD.EDU
Doing kerberos session setup
ads_cleanup_expired_creds: Ticket in ccache[FILE:/tmp/krb5cc_1000]
expiration Sat, 20 Feb 2010 20:55:00 PST
ads_krb5_mk_req: Ticket (gsb-filer2$@SU-GSB.WIN.STANFORD.EDU) in
ccache (FILE:/tmp/krb5cc_1000) is valid until: (Sat, 20 Feb 2010
20:55:00 PST - 1266728100)
Got KRB5 session key of length 16
cli_session_setup_blob: Remaining (0) sending (2857) current (2857)
write_socket(5,2942)
write_socket(5,2942) wrote 2942
got smb length of 258
size=258
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=152
smb_flg2=51207
smb_tid=0
smb_pid=12053
smb_uid=2048
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 141 (0x8D)
smb_bcc=215
[0000] A1 81 8A 30 81 87 A0 03 0A 01 01 A1 0B 06 09 2A ...0.... .......*
[0010] 86 48 82 F7 12 01 02 02 A2 73 04 71 60 6F 06 09 .H...... .s.q`o..
[0020] 2A 86 48 86 F7 12 01 02 02 03 00 7E 60 30 5E A0 *.H..... ...~`0^.
[0030] 03 02 01 05 A1 03 02 01 1E A4 11 18 0F 32 30 31 ........ .....201
[0040] 30 30 32 32 30 30 35 34 39 31 32 5A A5 05 02 03 00220054 912Z....
[0050] 07 C7 D2 A6 03 02 01 29 A9 19 1B 17 53 55 2D 47 .......) ....SU-G
[0060] 53 42 2E 57 49 4E 2E 53 54 41 4E 46 4F 52 44 2E SB.WIN.S TANFORD.
[0070] 45 44 55 AA 18 30 16 A0 03 02 01 01 A1 0F 30 0D EDU..0.. ......0.
[0080] 1B 0B 47 53 42 2D 46 49 4C 45 52 32 24 57 00 69 ..GSB-FI LER2$W.i
[0090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E .n.d.o.w .s. .5..
[00A0] 00 30 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .0...W.i .n.d.o.w
[00B0] 00 73 00 20 00 32 00 30 00 30 00 30 00 20 00 4C .s. .2.0 .0.0. .L
[00C0] 00 41 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 .A.N. .M .a.n.a.g
[00D0] 00 65 00 72 00 00 00 .e.r...
size=258
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=152
smb_flg2=51207
smb_tid=0
smb_pid=12053
smb_uid=2048
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 141 (0x8D)
smb_bcc=215
[0000] A1 81 8A 30 81 87 A0 03 0A 01 01 A1 0B 06 09 2A ...0.... .......*
[0010] 86 48 82 F7 12 01 02 02 A2 73 04 71 60 6F 06 09 .H...... .s.q`o..
[0020] 2A 86 48 86 F7 12 01 02 02 03 00 7E 60 30 5E A0 *.H..... ...~`0^.
[0030] 03 02 01 05 A1 03 02 01 1E A4 11 18 0F 32 30 31 ........ .....201
[0040] 30 30 32 32 30 30 35 34 39 31 32 5A A5 05 02 03 00220054 912Z....
[0050] 07 C7 D2 A6 03 02 01 29 A9 19 1B 17 53 55 2D 47 .......) ....SU-G
[0060] 53 42 2E 57 49 4E 2E 53 54 41 4E 46 4F 52 44 2E SB.WIN.S TANFORD.
[0070] 45 44 55 AA 18 30 16 A0 03 02 01 01 A1 0F 30 0D EDU..0.. ......0.
[0080] 1B 0B 47 53 42 2D 46 49 4C 45 52 32 24 57 00 69 ..GSB-FI LER2$W.i
[0090] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 35 00 2E .n.d.o.w .s. .5..
[00A0] 00 30 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 .0...W.i .n.d.o.w
[00B0] 00 73 00 20 00 32 00 30 00 30 00 30 00 20 00 4C .s. .2.0 .0.0. .L
[00C0] 00 41 00 4E 00 20 00 4D 00 61 00 6E 00 61 00 67 .A.N. .M .a.n.a.g
[00D0] 00 65 00 72 00 00 00 .e.r...
SPNEGO login failed: NT_STATUS_MORE_PROCESSING_REQUIRED
lang_tdb_init: /usr/share/samba/en_US.UTF-8.msg: No such file or directory
session setup failed: NT_STATUS_MORE_PROCESSING_REQUIRED
did you forget to run kinit?
More information about the samba
mailing list